Page 3 of 25 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 36EXPL: 0

CVE-2021-35977

https://notcve.org/view.php?id=CVE-2021-35977

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution. Se ha detectado un problema en Digi RealPort para Windows versiones hasta 4.8.488.0. Se presenta un desbordamiento del búfer en el manejo de los mensajes de respuesta de detección ADDP. • https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-38412 – Digi PortServer TS 16 Improper Authentication

https://notcve.org/view.php?id=CVE-2021-38412

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in. Las peticiones POST correctamente formateadas a múltiples recursos en los servidores web HTTP y HTTPS del dispositivo Digi PortServer TS 16 Rack no requieren autenticación ni tokens de autenticación. Esta vulnerabilidad podría permitir a un atacante habilitar el servicio SNMP y manipular las cadenas de comunidad para lograr un mayor control en • https://us-cert.cisa.gov/ics/advisories/icsa-21-257-01 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2020-12878

https://notcve.org/view.php?id=CVE-2020-12878

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. Digi ConnectPort X2e versiones anteriores a 3.2.30.6, permite a un atacante escalar privilegios del usuario de Python a root por medio de un ataque symlink que usa chown, relacionado con el archivo /etc/init.d/S50dropbear.sh y el directorio /WEB/python/.ssh • https://github.com/fireeye/Vulnerability-Disclosures https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0020/FEYE-2020-0020.md https://www.digi.com/support/productdetail?pid=5570 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.3EPSS: 1%CPEs: 328EXPL: 0

CVE-2020-10136 – IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic

https://notcve.org/view.php?id=CVE-2020-10136

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. Múltiples productos que implementan la IP Encapsulation dentro del estándar IP (RFC 2003, STD 1) desencapsulan y enrutan el tráfico IP-in-IP sin ninguna comprobación, lo que podría permitir a un atacante remoto no autenticado enrutar tráfico arbitrario por medio de una interfaz de red expuesta y conllevar a una falsificación, omisión de control de acceso y otros comportamientos inesperados de la red. • https://datatracker.ietf.org/doc/html/rfc6169 https://kb.cert.org/vuls/id/636397 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4 https://www.digi.com/resources/security https://www.kb.cert.org/vuls/id/636397 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-18868

https://notcve.org/view.php?id=CVE-2017-18868

Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. Los dispositivos Digi XBee versión 2, no tienen un mecanismo de protección efectivo contra los comandos AT remotos, debido a problemas relacionados con la pila de red sobre la cual el protocolo ZigBee se construye. • https://www.hindawi.com/journals/scn/2017/1723658 • CWE-276: Incorrect Default Permissions •